By prudloff on
Change record status:
Draft (View all draft change records)
Project:
Introduced in branch:
11.3.x
Introduced in version:
Issue links:
Description:
UserThemeHooks::preprocessUsername() now checks access for the "view label" operation.
This means the username.html.twig template does not display the username if access is not allowed for the "view label" operation for the displayed user.
The "view label" operation is always allowed by default but it can be altered with hook_user_access:
/**
* Implements hook_ENTITY_TYPE_access().
*/
function test_user_access(EntityInterface $entity, $operation, AccountInterface $account): AccessResultInterface {
if ($operation == 'view label') {
return AccessResult::forbidden("Don't allow access to usernames.");
}
return AccessResult::neutral();
}
Impacts:
Site builders, administrators, editors
